Auto-Update: 2024-02-14T00:55:24.556709+00:00

cad-safe-bot 2024-02-14 00:55:28 +00:00
parent 696bdc12e5
commit c4c8ff0dd1
24 changed files with 1348 additions and 83 deletions


@ -2,12 +2,16 @@
"id": "CVE-2023-31492",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-17T23:15:09.167",
"lastModified": "2023-08-23T18:09:23.857",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-13T23:15:08.187",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users."
},
{
"lang": "es",
"value": "ADManager Plus versi\u00f3n 7182 y anteriores de ManageEngine de Zoho divulgaron las contrase\u00f1as predeterminadas para la restauraci\u00f3n de cuentas de dominios no autorizadas a los usuarios autenticados."
}
],
"metrics": {
@ -240,6 +244,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md",
"source": "cve@mitre.org",


@ -2,7 +2,7 @@
"id": "CVE-2023-36485",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.497",
"lastModified": "2024-01-03T22:54:54.397",
"lastModified": "2024-02-14T00:22:22.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -21,19 +21,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]


@ -2,7 +2,7 @@
"id": "CVE-2023-36486",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.560",
"lastModified": "2024-01-03T22:54:36.863",
"lastModified": "2024-02-14T00:22:06.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -21,19 +21,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]


@ -0,0 +1,20 @@
{
"id": "CVE-2023-38960",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-13T23:15:08.327",
"lastModified": "2024-02-13T23:15:08.327",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insecure Permissions issue in Raiden Professional Server RaidenFTPD v.2.4 build 4005 allows a local attacker to gain privileges and execute arbitrary code via crafted executable running from the installation directory."
}
],
"metrics": {},
"references": [
{
"url": "https://rodelllemit.medium.com/insecure-permissions-vulnerability-in-raidenftpd-v2-4-build-4005-2016-04-01-ea7389be3d33",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4503",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-06T09:15:52.407",
"lastModified": "2024-02-06T13:53:38.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T00:27:32.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,30 +70,107 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*",
"matchCriteriaId": "B8423D7F-3A8F-4AD8-BF51-245C9D8DD816"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A24CBFB-4900-47A5-88D2-A44C929603DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "645A908C-18C2-4AB1-ACE7-3969E3A552A5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:7637",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7638",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7639",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7641",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4503",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184751",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0684",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-02-06T09:15:52.643",
"lastModified": "2024-02-06T13:53:38.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T00:26:13.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -50,18 +80,56 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:coreutils:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C0979D6D-0274-400D-B70D-59ADECE3513F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:coreutils:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1356B62D-5021-4994-BE95-B0565E51571B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:coreutils:9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6E3D4F-1B74-4C0C-BE0B-A6FB9E905B7C"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0684",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258948",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/01/18/2",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Mailing List",
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0690",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-06T12:15:55.530",
"lastModified": "2024-02-07T22:15:09.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T00:27:00.660",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,22 +80,139 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.14.4",
"matchCriteriaId": "645218EF-62EC-4EA5-B196-6C52CC6BF0C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.15.0",
"versionEndExcluding": "2.15.9",
"matchCriteriaId": "B80D311E-FA64-4A61-BC42-441B56D3A019"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.16.0",
"versionEndExcluding": "2.16.3",
"matchCriteriaId": "DA1B5190-DFC2-4C0F-B190-515D768BB3CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "05986E3C-7E5B-45C1-81B0-9D856A8FF1CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE40363-D286-4EB7-80D2-17CF3B606AD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "897AB7AC-52B1-4335-97D5-D5EA2FF09CC6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:0733",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0690",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259013",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/ansible/ansible/pull/82565",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
]
}
]
}
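Review bot: In the first `configurations` entry, `cpe:2.3:o:redhat:enterprise_linux:8.0` and `cpe:2.3:o:redhat:enterprise_linux:9.0` sit in the same `OR` node as the Ansible version ranges with `"vulnerable": true`, so a plain CPE matcher will report every RHEL 8.0/9.0 host as affected whether or not Ansible is installed. The second entry of the same record lists the identical `matchCriteriaId` values (`F4CFF558-3C47-480D-A2F0-BABF26042943`, `7F6FB57C-2BC7-487C-96DD-132683AEB35D`) with `"vulnerable": false` as platform context under `"operator": "AND"`, which looks like the intended modelling. If this repository mirrors the upstream feed verbatim, the correction belongs upstream; locally the two OS entries would read `"vulnerable": false` or move under an `AND` node. Until then, consumers should treat OS-only matches for this CVE as low-confidence and require an Ansible package match before raising a finding.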


@ -2,16 +2,40 @@
"id": "CVE-2024-0911",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-02-06T15:15:08.827",
"lastModified": "2024-02-06T17:53:00.620",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T00:27:14.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Indent. This issue may allow a local user to use a specially-crafted file to trigger a heap-based buffer overflow, which can lead to an application crash."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Indent. Este problema puede permitir que un usuario local utilice un archivo especialmente manipulado para desencadenar un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico, lo que puede provocar un bloqueo de la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -46,14 +80,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:indent:2.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0840F9FF-EA53-47DD-813A-889E6EAA76A6"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0911",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260399",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Issue Tracking"
]
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2024-1485",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-14T00:15:46.783",
"lastModified": "2024-02-14T00:15:46.783",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the decompression function of registry-support. This issue can be triggered by an unauthenticated remote attacker when tricking a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files outside the intended scope."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-23"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1485",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264106",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d",
"source": "secalert@redhat.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-22365",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-06T08:15:52.203",
"lastModified": "2024-02-06T13:53:38.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T00:27:40.143",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,91 @@
"value": "linux-pam (tambi\u00e9n conocido como Linux PAM) anterior a 1.6.0 permite a los atacantes provocar una denegaci\u00f3n de servicio (proceso de inicio de sesi\u00f3n bloqueado) a trav\u00e9s de mkfifo porque la llamada openat (para protect_dir) carece de O_DIRECTORY."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.6.0",
"matchCriteriaId": "8B735A60-FB87-4597-BFF4-A6ED201E71A1"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/18/3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Release Notes"
]
},
{
"url": "https://github.com/linux-pam/linux-pam",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-23673",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-06T10:15:08.833",
"lastModified": "2024-02-06T14:15:55.190",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T00:26:41.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
},
{
"source": "security@apache.org",
"type": "Secondary",
@ -50,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:sling_servlets_resolver:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.11.0",
"matchCriteriaId": "8C704B34-F87E-470B-B9DF-9F7B69F8FC7A"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/06/1",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.apache.org/thread/5zzx8ztwc6tmbwlw80m2pbrp3913l2kl",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-24690",
"sourceIdentifier": "security@zoom.us",
"published": "2024-02-14T00:15:47.000",
"lastModified": "2024-02-14T00:15:47.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24007/",
"source": "security@zoom.us"
}
]
}
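Review bot: The new `descriptions[].value` string ends with a literal `\n`, and the same stray whitespace recurs in the sibling Zoom records added by this commit: CVE-2024-24691 starts with a space and ends with `\n`, CVE-2024-24695 and CVE-2024-24696 end with `\n\n`, and CVE-2024-24697, CVE-2024-24698 and CVE-2024-24699 end with `\n`. Anything that compares, hashes or de-duplicates descriptions, or renders them into a ticket or alert, should trim the value at ingest. CVE-2024-24695 and CVE-2024-24696 also carry identical description text and identical vectors, so only the `id` and the referenced bulletin tell them apart. In this record the description names only a denial of service while the vector scores `I:L/A:L`, so the integrity component is worth confirming against the bulletin before it drives triage.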


@ -0,0 +1,55 @@
{
"id": "CVE-2024-24691",
"sourceIdentifier": "security@zoom.us",
"published": "2024-02-14T00:15:47.200",
"lastModified": "2024-02-14T00:15:47.200",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": " Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/",
"source": "security@zoom.us"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-24695",
"sourceIdentifier": "security@zoom.us",
"published": "2024-02-14T00:15:47.393",
"lastModified": "2024-02-14T00:15:47.393",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24002/",
"source": "security@zoom.us"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-24696",
"sourceIdentifier": "security@zoom.us",
"published": "2024-02-14T00:15:47.583",
"lastModified": "2024-02-14T00:15:47.583",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24003/",
"source": "security@zoom.us"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-24697",
"sourceIdentifier": "security@zoom.us",
"published": "2024-02-14T00:15:47.770",
"lastModified": "2024-02-14T00:15:47.770",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.6,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-426"
}
]
}
],
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24004/",
"source": "security@zoom.us"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-24698",
"sourceIdentifier": "security@zoom.us",
"published": "2024-02-14T00:15:47.967",
"lastModified": "2024-02-14T00:15:47.967",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24005/",
"source": "security@zoom.us"
}
]
}
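Review bot: The description says the disclosure happens "via local access", but the only metric in the record scores it as `AV:N` with `"attackVector": "NETWORK"`, so the text and the vector disagree about reachability. Nothing on this page shows which one is right: the record is still `"vulnStatus": "Received"` with a single `Secondary` score from `security@zoom.us` and no NVD analysis. Tooling that filters or prioritises on `attackVector` will treat this as remotely reachable, so confirm against the referenced bulletin (ZSB-24005) rather than trusting either field alone. If the vector turns out to be the error, `vectorString`, `attackVector`, `baseScore` and `exploitabilityScore` would all have to change together.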


@ -0,0 +1,43 @@
{
"id": "CVE-2024-24699",
"sourceIdentifier": "security@zoom.us",
"published": "2024-02-14T00:15:48.150",
"lastModified": "2024-02-14T00:15:48.150",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24006/",
"source": "security@zoom.us"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-25118",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-13T23:15:08.417",
"lastModified": "2024-02-13T23:15:08.417",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w",
"source": "security-advisories@github.com"
},
{
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-003",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-25119",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-13T23:15:08.640",
"lastModified": "2024-02-13T23:15:08.640",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g",
"source": "security-advisories@github.com"
},
{
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-004",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,67 @@
{
"id": "CVE-2024-25120",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-13T23:15:08.867",
"lastModified": "2024-02-13T23:15:08.867",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c",
"source": "security-advisories@github.com"
},
{
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-005",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2024-25121",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-13T23:15:09.080",
"lastModified": "2024-02-13T23:15:09.080",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage (\"zero-storage\") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1 which fix the problem described. When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` & `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler->isImporting = true;`.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66",
"source": "security-advisories@github.com"
},
{
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-006",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-25140",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-06T09:15:52.827",
"lastModified": "2024-02-06T13:53:38.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T00:26:27.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,94 @@
"value": "Una instalaci\u00f3n predeterminada de RustDesk 1.2.3 en Windows coloca un certificado WDKTestCert bajo Autoridades de certificaci\u00f3n ra\u00edz confiables con uso de clave mejorado de firma de c\u00f3digo (1.3.6.1.5.5.7.3.3), v\u00e1lido desde 2023 hasta 2033. Esto es potencialmente no deseado, por ejemplo , porque no existe documentaci\u00f3n p\u00fablica sobre las medidas de seguridad para la clave privada, y se podr\u00eda firmar software arbitrario si la clave privada se viera comprometida. NOTA: la posici\u00f3n del proveedor es \"no tenemos un certificado EV, por lo que utilizamos el certificado de prueba como workaround\". La inserci\u00f3n en autoridades de certificaci\u00f3n ra\u00edz de confianza era el comportamiento previsto originalmente y la interfaz de usuario garantizaba que el paso de instalaci\u00f3n del certificado (marcado de forma predeterminada) fuera visible para el usuario antes de continuar con la instalaci\u00f3n del producto."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rustdesk:rustdesk:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F7967159-D276-41AA-AB79-5230D05B1E11"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/rustdesk/rustdesk/discussions/6444",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://news.ycombinator.com/item?id=39256493",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://serverfault.com/questions/837994",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Technical Description"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-13T23:00:25.084946+00:00
2024-02-14T00:55:24.556709+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-13T22:54:59.277000+00:00
2024-02-14T00:27:40.143000+00:00
```
### Last Data Feed Release
@ -29,45 +29,42 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
238388
238401
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `13`
* [CVE-2023-6152](CVE-2023/CVE-2023-61xx/CVE-2023-6152.json) (`2024-02-13T22:15:45.430`)
* [CVE-2024-24142](CVE-2024/CVE-2024-241xx/CVE-2024-24142.json) (`2024-02-13T21:15:08.210`)
* [CVE-2023-38960](CVE-2023/CVE-2023-389xx/CVE-2023-38960.json) (`2024-02-13T23:15:08.327`)
* [CVE-2024-25118](CVE-2024/CVE-2024-251xx/CVE-2024-25118.json) (`2024-02-13T23:15:08.417`)
* [CVE-2024-25119](CVE-2024/CVE-2024-251xx/CVE-2024-25119.json) (`2024-02-13T23:15:08.640`)
* [CVE-2024-25120](CVE-2024/CVE-2024-251xx/CVE-2024-25120.json) (`2024-02-13T23:15:08.867`)
* [CVE-2024-25121](CVE-2024/CVE-2024-251xx/CVE-2024-25121.json) (`2024-02-13T23:15:09.080`)
* [CVE-2024-1485](CVE-2024/CVE-2024-14xx/CVE-2024-1485.json) (`2024-02-14T00:15:46.783`)
* [CVE-2024-24690](CVE-2024/CVE-2024-246xx/CVE-2024-24690.json) (`2024-02-14T00:15:47.000`)
* [CVE-2024-24691](CVE-2024/CVE-2024-246xx/CVE-2024-24691.json) (`2024-02-14T00:15:47.200`)
* [CVE-2024-24695](CVE-2024/CVE-2024-246xx/CVE-2024-24695.json) (`2024-02-14T00:15:47.393`)
* [CVE-2024-24696](CVE-2024/CVE-2024-246xx/CVE-2024-24696.json) (`2024-02-14T00:15:47.583`)
* [CVE-2024-24697](CVE-2024/CVE-2024-246xx/CVE-2024-24697.json) (`2024-02-14T00:15:47.770`)
* [CVE-2024-24698](CVE-2024/CVE-2024-246xx/CVE-2024-24698.json) (`2024-02-14T00:15:47.967`)
* [CVE-2024-24699](CVE-2024/CVE-2024-246xx/CVE-2024-24699.json) (`2024-02-14T00:15:48.150`)
### CVEs modified in the last Commit
Recently modified CVEs: `24`
Recently modified CVEs: `10`
* [CVE-2020-36641](CVE-2020/CVE-2020-366xx/CVE-2020-36641.json) (`2024-02-13T21:15:08.020`)
* [CVE-2023-40545](CVE-2023/CVE-2023-405xx/CVE-2023-40545.json) (`2024-02-13T21:08:23.400`)
* [CVE-2023-38579](CVE-2023/CVE-2023-385xx/CVE-2023-38579.json) (`2024-02-13T21:56:17.013`)
* [CVE-2023-40143](CVE-2023/CVE-2023-401xx/CVE-2023-40143.json) (`2024-02-13T22:02:22.543`)
* [CVE-2023-31426](CVE-2023/CVE-2023-314xx/CVE-2023-31426.json) (`2024-02-13T22:15:45.290`)
* [CVE-2023-6831](CVE-2023/CVE-2023-68xx/CVE-2023-6831.json) (`2024-02-13T22:15:45.633`)
* [CVE-2023-28049](CVE-2023/CVE-2023-280xx/CVE-2023-28049.json) (`2024-02-13T22:50:00.197`)
* [CVE-2023-52239](CVE-2023/CVE-2023-522xx/CVE-2023-52239.json) (`2024-02-13T22:50:50.313`)
* [CVE-2023-32454](CVE-2023/CVE-2023-324xx/CVE-2023-32454.json) (`2024-02-13T22:52:06.240`)
* [CVE-2023-32479](CVE-2023/CVE-2023-324xx/CVE-2023-32479.json) (`2024-02-13T22:54:59.277`)
* [CVE-2024-20827](CVE-2024/CVE-2024-208xx/CVE-2024-20827.json) (`2024-02-13T21:01:49.557`)
* [CVE-2024-20828](CVE-2024/CVE-2024-208xx/CVE-2024-20828.json) (`2024-02-13T21:04:29.373`)
* [CVE-2024-1048](CVE-2024/CVE-2024-10xx/CVE-2024-1048.json) (`2024-02-13T21:22:10.380`)
* [CVE-2024-1254](CVE-2024/CVE-2024-12xx/CVE-2024-1254.json) (`2024-02-13T21:25:34.593`)
* [CVE-2024-1261](CVE-2024/CVE-2024-12xx/CVE-2024-1261.json) (`2024-02-13T21:41:45.737`)
* [CVE-2024-1260](CVE-2024/CVE-2024-12xx/CVE-2024-1260.json) (`2024-02-13T21:47:49.667`)
* [CVE-2024-1259](CVE-2024/CVE-2024-12xx/CVE-2024-1259.json) (`2024-02-13T21:59:18.957`)
* [CVE-2024-22514](CVE-2024/CVE-2024-225xx/CVE-2024-22514.json) (`2024-02-13T22:09:31.440`)
* [CVE-2024-22515](CVE-2024/CVE-2024-225xx/CVE-2024-22515.json) (`2024-02-13T22:12:12.863`)
* [CVE-2024-1258](CVE-2024/CVE-2024-12xx/CVE-2024-1258.json) (`2024-02-13T22:21:21.863`)
* [CVE-2024-20826](CVE-2024/CVE-2024-208xx/CVE-2024-20826.json) (`2024-02-13T22:48:41.373`)
* [CVE-2024-24808](CVE-2024/CVE-2024-248xx/CVE-2024-24808.json) (`2024-02-13T22:48:57.290`)
* [CVE-2024-23304](CVE-2024/CVE-2024-233xx/CVE-2024-23304.json) (`2024-02-13T22:49:18.687`)
* [CVE-2024-22433](CVE-2024/CVE-2024-224xx/CVE-2024-22433.json) (`2024-02-13T22:51:37.293`)
* [CVE-2023-31492](CVE-2023/CVE-2023-314xx/CVE-2023-31492.json) (`2024-02-13T23:15:08.187`)
* [CVE-2023-36486](CVE-2023/CVE-2023-364xx/CVE-2023-36486.json) (`2024-02-14T00:22:06.447`)
* [CVE-2023-36485](CVE-2023/CVE-2023-364xx/CVE-2023-36485.json) (`2024-02-14T00:22:22.397`)
* [CVE-2023-4503](CVE-2023/CVE-2023-45xx/CVE-2023-4503.json) (`2024-02-14T00:27:32.513`)
* [CVE-2024-0684](CVE-2024/CVE-2024-06xx/CVE-2024-0684.json) (`2024-02-14T00:26:13.380`)
* [CVE-2024-25140](CVE-2024/CVE-2024-251xx/CVE-2024-25140.json) (`2024-02-14T00:26:27.847`)
* [CVE-2024-23673](CVE-2024/CVE-2024-236xx/CVE-2024-23673.json) (`2024-02-14T00:26:41.517`)
* [CVE-2024-0690](CVE-2024/CVE-2024-06xx/CVE-2024-0690.json) (`2024-02-14T00:27:00.660`)
* [CVE-2024-0911](CVE-2024/CVE-2024-09xx/CVE-2024-0911.json) (`2024-02-14T00:27:14.370`)
* [CVE-2024-22365](CVE-2024/CVE-2024-223xx/CVE-2024-22365.json) (`2024-02-14T00:27:40.143`)
## Download and Usage